Managing access control complexity using metrics

Research output: Chapter in Book/Report/Conference proceeding > Conference contribution

10 Scopus citations

Abstract

General access control models enable flexible expression of access control policies, but they make the verification of whether a particular access control configuration is safe (i.e., prevents the leakage of a permission to an unauthorized subject) difficult. The current approach to expressing safety policy in such models is to use constraints. When the constraints are verified, then the configuration is verified to be safe. However, the addition of constraints to an access control configuration significantly increases its complexity, so it quickly becomes difficult to understand the access control policy expressed in the configuration such that future changes can be made correctly. We propose an approach whereby the complexity of each access control configuration is estimated, so the administrators can see the effect of a configuration change on the future ability to maintain the configuration. We identify metrics for making complexity estimates and evaluate these metrics on some constraint examples. Our goal is to enable the use of flexible access control models for safety-critical systems by permitting limited use of constraints that do not complicate the configuration beyond a maintainable complexity.

Original language: English (US)
Title of host publication: Proceedings of Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)
Pages: 131-139
Number of pages: 9
State: Published - Dec 1 2001
Event: Proceedings of the sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001) - Chantilly, VA, United States
Duration: May 3 2001 to May 4 2001

Publication series

Name: Proceedings of Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)

Other

Other: Proceedings of the sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)
Country: United States
City: Chantilly, VA
Period: 5/3/01 to 5/4/01

All Science Journal Classification (ASJC) codes

  • Engineering(all)


  • Cite this

    Jaeger, T. (2001). Managing access control complexity using metrics. In Proceedings of Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001) (pp. 131-139). (Proceedings of Sixth ACM Symposium on Access Control Models and Technologies (SACMAT 2001)).